[html5] r7862 - [e] (0) Provide a hook for CSP. Affected topics: HTML

whatwg at whatwg.org whatwg at whatwg.org
Mon Apr 29 21:07:35 PDT 2013


Author: ianh
Date: 2013-04-29 21:07:34 -0700 (Mon, 29 Apr 2013)
New Revision: 7862

Modified:
   complete.html
   index
   source
Log:
[e] (0) Provide a hook for CSP.
Affected topics: HTML

Modified: complete.html
===================================================================
--- complete.html	2013-04-30 03:48:23 UTC (rev 7861)
+++ complete.html	2013-04-30 04:07:34 UTC (rev 7862)
@@ -67523,14 +67523,19 @@
 
   <p>When a resource that requires an external resource to be rendered is to be loaded in a
   <a href=#browsing-context>browsing context</a>, the user agent should <a href=#create-a-document-object>create a <code>Document</code>
-  object</a>, mark it as being an <a href=#html-documents title="HTML documents">HTML document</a>, set its
-  <a href=#concept-document-content-type title=concept-document-content-type>content type</a> to the sniffed MIME type of the
-  resource (<var title="">type</var> in the <a href=#navigate>navigate</a> algorithm), append an
-  <code><a href=#the-html-element>html</a></code> element to the <code><a href=#document>Document</a></code>, append a <code><a href=#the-head-element>head</a></code> element and a
-  <code><a href=#the-body-element>body</a></code> element to the <code><a href=#the-html-element>html</a></code> element, append an <code><a href=#the-embed-element>embed</a></code> to the
-  <code><a href=#the-body-element>body</a></code> element, and set the <code title=attr-embed-src><a href=#attr-embed-src>src</a></code> attribute of the
-  <code><a href=#the-embed-element>embed</a></code> element to the address of the resource.</p>
+  object</a>, mark it as being an <a href=#html-documents title="HTML documents">HTML document</a> and mark it
+  as being a <dfn id=plugin-document>plugin document</dfn>, set its <a href=#concept-document-content-type title=concept-document-content-type>content
+  type</a> to the sniffed MIME type of the resource (<var title="">type</var> in the
+  <a href=#navigate>navigate</a> algorithm), append an <code><a href=#the-html-element>html</a></code> element to the
+  <code><a href=#document>Document</a></code>, append a <code><a href=#the-head-element>head</a></code> element and a <code><a href=#the-body-element>body</a></code> element to the
+  <code><a href=#the-html-element>html</a></code> element, append an <code><a href=#the-embed-element>embed</a></code> to the <code><a href=#the-body-element>body</a></code> element, and set
+  the <code title=attr-embed-src><a href=#attr-embed-src>src</a></code> attribute of the <code><a href=#the-embed-element>embed</a></code> element to the
+  address of the resource.</p>
 
+  <p class=note>The term <a href=#plugin-document>plugin document</a> is used by the Content Security Policy
+  specification as part of the mechanism that ensures <code><a href=#the-iframe-element>iframe</a></code>s can't be used to evade
+  <code title="">plugin-types</code> directives. <a href=#refsCSP>[CSP]</a></p>
+
   <!-- next three paragraphs are similar to the navigate-text section, keep them in sync -->
 
   <p>Then, the user agent must act as if it had <a href=#stop-parsing title="stop parsing">stopped

Modified: index
===================================================================
--- index	2013-04-30 03:48:23 UTC (rev 7861)
+++ index	2013-04-30 04:07:34 UTC (rev 7862)
@@ -67523,14 +67523,19 @@
 
   <p>When a resource that requires an external resource to be rendered is to be loaded in a
   <a href=#browsing-context>browsing context</a>, the user agent should <a href=#create-a-document-object>create a <code>Document</code>
-  object</a>, mark it as being an <a href=#html-documents title="HTML documents">HTML document</a>, set its
-  <a href=#concept-document-content-type title=concept-document-content-type>content type</a> to the sniffed MIME type of the
-  resource (<var title="">type</var> in the <a href=#navigate>navigate</a> algorithm), append an
-  <code><a href=#the-html-element>html</a></code> element to the <code><a href=#document>Document</a></code>, append a <code><a href=#the-head-element>head</a></code> element and a
-  <code><a href=#the-body-element>body</a></code> element to the <code><a href=#the-html-element>html</a></code> element, append an <code><a href=#the-embed-element>embed</a></code> to the
-  <code><a href=#the-body-element>body</a></code> element, and set the <code title=attr-embed-src><a href=#attr-embed-src>src</a></code> attribute of the
-  <code><a href=#the-embed-element>embed</a></code> element to the address of the resource.</p>
+  object</a>, mark it as being an <a href=#html-documents title="HTML documents">HTML document</a> and mark it
+  as being a <dfn id=plugin-document>plugin document</dfn>, set its <a href=#concept-document-content-type title=concept-document-content-type>content
+  type</a> to the sniffed MIME type of the resource (<var title="">type</var> in the
+  <a href=#navigate>navigate</a> algorithm), append an <code><a href=#the-html-element>html</a></code> element to the
+  <code><a href=#document>Document</a></code>, append a <code><a href=#the-head-element>head</a></code> element and a <code><a href=#the-body-element>body</a></code> element to the
+  <code><a href=#the-html-element>html</a></code> element, append an <code><a href=#the-embed-element>embed</a></code> to the <code><a href=#the-body-element>body</a></code> element, and set
+  the <code title=attr-embed-src><a href=#attr-embed-src>src</a></code> attribute of the <code><a href=#the-embed-element>embed</a></code> element to the
+  address of the resource.</p>
 
+  <p class=note>The term <a href=#plugin-document>plugin document</a> is used by the Content Security Policy
+  specification as part of the mechanism that ensures <code><a href=#the-iframe-element>iframe</a></code>s can't be used to evade
+  <code title="">plugin-types</code> directives. <a href=#refsCSP>[CSP]</a></p>
+
   <!-- next three paragraphs are similar to the navigate-text section, keep them in sync -->
 
   <p>Then, the user agent must act as if it had <a href=#stop-parsing title="stop parsing">stopped

Modified: source
===================================================================
--- source	2013-04-30 03:48:23 UTC (rev 7861)
+++ source	2013-04-30 04:07:34 UTC (rev 7862)
@@ -75534,14 +75534,19 @@
 
   <p>When a resource that requires an external resource to be rendered is to be loaded in a
   <span>browsing context</span>, the user agent should <span>create a <code>Document</code>
-  object</span>, mark it as being an <span title="HTML documents">HTML document</span>, set its
-  <span title="concept-document-content-type">content type</span> to the sniffed MIME type of the
-  resource (<var title="">type</var> in the <span>navigate</span> algorithm), append an
-  <code>html</code> element to the <code>Document</code>, append a <code>head</code> element and a
-  <code>body</code> element to the <code>html</code> element, append an <code>embed</code> to the
-  <code>body</code> element, and set the <code title="attr-embed-src">src</code> attribute of the
-  <code>embed</code> element to the address of the resource.</p>
+  object</span>, mark it as being an <span title="HTML documents">HTML document</span> and mark it
+  as being a <dfn>plugin document</dfn>, set its <span title="concept-document-content-type">content
+  type</span> to the sniffed MIME type of the resource (<var title="">type</var> in the
+  <span>navigate</span> algorithm), append an <code>html</code> element to the
+  <code>Document</code>, append a <code>head</code> element and a <code>body</code> element to the
+  <code>html</code> element, append an <code>embed</code> to the <code>body</code> element, and set
+  the <code title="attr-embed-src">src</code> attribute of the <code>embed</code> element to the
+  address of the resource.</p>
 
+  <p class="note">The term <span>plugin document</span> is used by the Content Security Policy
+  specification as part of the mechanism that ensures <code>iframe</code>s can't be used to evade
+  <code title="">plugin-types</code> directives. <a href="#refsCSP">[CSP]</a></p>
+
   <!-- next three paragraphs are similar to the navigate-text section, keep them in sync -->
 
   <p>Then, the user agent must act as if it had <span title="stop parsing">stopped




More information about the Commit-Watchers mailing list